Lost EC2 Private Key, No Problem: Recovering Your EC2 Instance Access

Losing the private key for your EC2 instance can feel like a dead end, but don’t worry, there are ways to get back in. In this article, we’ll walk through the steps to recover access to your EC2 instance even if you no longer have the key. From using built-in AWS tools to modifying the instance's root volume, we’ll cover the options that get you back online.

First, some background:

  • What is a .pem key?

    A file with the .pem extension (short for Privacy Enhanced Mail) is a container format commonly used for storing cryptographic keys and certificates. In AWS it generally refers to the private key file used to securely access (SSH into) EC2 instances.

    Key Pair Components:

    • Private Key (.pem file): This is a secret file that you keep on your local machine. It's used to authenticate your connection to the EC2 instance. Only you should have access to this file.

    • Public Key: This key is stored on the EC2 instance. It’s used to verify the identity of anyone connecting to the instance with the corresponding private key.

  • How Does It Work?

    1. Key Pair Creation:

      • When you create an EC2 instance, you generate a new key pair (or choose an existing one). AWS gives you the private key file ( .pem ) to download, while it installs the public key on the instance.
    2. Connecting to the Instance:

      • When you want to connect to your EC2 instance, you use an SSH client along with your .pem file. The SSH client uses the private key to prove your identity to the server.
    3. Authentication Process:

      • The SSH client sends a connection request to the EC2 instance, authenticating with the private key.

      • The EC2 instance uses the public key (stored on the instance) to verify the request. If the keys correspond, access is granted.

    4. Secure Communication:

      • Once authenticated, a secure channel is established between your SSH client and the EC2 instance, allowing encrypted communication.

Step-by-Step Process for Recovering a .pem File

If the .pem file is lost, you can’t get it back from AWS: AWS doesn’t keep a copy, for security reasons. But you can still regain access to your EC2 instance using the following steps:

  • Step 1: Stop the EC2 Instance

    Stopping the instance is necessary in certain recovery processes to safely modify the instance's configuration or data.

    Make sure to wait until the instance status changes to "stopped" before proceeding to the next steps.

  • Step 2: Detach the Root EBS Volume:

    You need to detach the volume from the instance so that you can change the configuration.

    By detaching the volume, you can now attach it to another instance for further modifications, such as updating the authorized_keys file to regain access to your original instance.

  • Step 3: Attach the EBS Volume to Another Instance:

    Now launch another EC2 instance in the same Availability Zone, creating a new .pem file for it. Through this instance we can access the file system of the stopped instance.

    Now go back to the EBS dashboard, select the detached volume, click Actions, and choose Attach volume.

    We selected the newly created instance and entered /dev/sdk as the device name.

  • Step 4: Access the File System

    SSH into the second EC2 instance using its .pem file. Once logged in, mount the attached EBS volume.

    First, check for the volume using the command below:

      # List block devices and their filesystems; the attached volume should appear here
      lsblk -f
    

    In our case the attached volume shows up as xvdh.

    Create a directory and mount the volume on it.

    Then navigate to the directory containing the SSH authorized_keys file.

  • Step 5: Modify the Authorized Keys

    We need to replace the public key inside the .ssh/authorized_keys file with the public key of our newly created instance.

    First, get the public key of the newly created instance and copy it.

    Paste the copied key into /recovery/home/ubuntu/.ssh/authorized_keys.

  • Step 6: Reattach the EBS Volume to the Original Instance:

    Unmount the EBS volume from the second instance.

    Detach the EBS volume from the second instance.

    Now reattach the volume to the original instance.

  • Step 7: Start the EC2 Instance:

    Go back to the EC2 Dashboard and select your original instance.

    Right-click on it, go to Instance State, and click Start.

  • Step 8: Access the Instance with the New .pem File:

    Now, you can SSH into the original instance using your new .pem file:

      ssh -i /path/to/new-key.pem ec2-user@your-instance-ip
    
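Steps 4 and 5 as a single script run on the recovery instance, as an added example that is not part of the original article. It assumes the values the article uses (device /dev/xvdh, mount point /recovery, login user ubuntu); the function names, the --run flag and the optional path to a public-key file are our own, and the script appends the new key rather than overwriting the file so the old key line stays in place.

```shell
#!/bin/sh
# Added example (not from the original article). Run the full flow on the
# recovery instance with:  sudo sh recover.sh --run [path-to-public-key-file]
# Without --run it only defines the helper functions.
set -eu

# Append one public key line to an authorized_keys file (created if missing),
# skipping it if already present, with the permissions sshd requires.
add_authorized_key() {
    auth_file=$1
    pubkey=$2
    ssh_dir=$(dirname "$auth_file")
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth_file"
    if ! grep -qxF "$pubkey" "$auth_file"; then
        printf '%s\n' "$pubkey" >> "$auth_file"
    fi
    chmod 600 "$auth_file"
}

# Count key lines (non-empty, non-comment) so the edit can be verified.
count_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

if [ "${1:-}" = "--run" ]; then
    DEVICE=/dev/xvdh                 # as reported by lsblk -f (article's value)
    MOUNT=/recovery                  # mount point used in the article
    TARGET_USER=ubuntu               # login user of the original instance
    # Public key of the new .pem: the recovery instance's own authorized_keys
    # holds it, unless a file is passed as the second argument.
    KEYFILE=${2:-/home/${SUDO_USER:-${USER:-root}}/.ssh/authorized_keys}
    NEW_KEY=$(head -n 1 "$KEYFILE")

    mkdir -p "$MOUNT"
    mount "$DEVICE" "$MOUNT"
    AUTH="$MOUNT/home/$TARGET_USER/.ssh/authorized_keys"
    cp -p "$AUTH" "$AUTH.bak" 2>/dev/null || true     # keep a copy of the original
    add_authorized_key "$AUTH" "$NEW_KEY"
    # Ownership must match the target user's uid on the mounted volume, not ours.
    chown -R --reference="$MOUNT/home/$TARGET_USER" "$MOUNT/home/$TARGET_USER/.ssh"
    echo "authorized_keys now has $(count_keys "$AUTH") key(s)"
    umount "$MOUNT"                  # then detach the volume in the console (step 6)
fi
```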

Other methods you can use to access EC2 instances are:

  • EC2 Instance Connect:

    Amazon EC2 Instance Connect allows you to securely connect to your instance without needing a .pem file. This method is available for Amazon Linux 2 and Ubuntu instances.

  • AWS Systems Manager:

    Session Manager allows you to connect to your instance without needing SSH access. This method requires that the AWS Systems Manager Agent (SSM Agent) is installed and properly configured on the instance.

Conclusion

Regaining access to your EC2 instance after losing the PEM file involves stopping the instance, detaching its EBS volume and mounting it on a second instance, repairing the authorized keys on it, and then reattaching the volume. By following these steps, you can recover your data and restore access to your EC2 instance.

For more insightful content on technology, AWS, and DevOps, make sure to follow me for the latest updates and tips. If you have any questions or need further assistance, feel free to reach out—I’m here to help!

Streamline, Deploy, Succeed-- Devops Made Simple!☺️